RFID Skimming

RFID skimming is a form of digital theft. Radio frequency identification refers to a technology that allows for the exchange of data without contact. The data stored on RFID chips in credit cards, passports, and admission cards can be read wirelessly without your knowledge using the appropriate reader, and then misused or duplicated. In other words: digital pickpockets can steal from their victim as they walk by.

How does that work?

An RFID system comprises a chip and a device for reading the data. The chips are the size of a grain of rice or so flat that they can be integrated into cards or even textiles. Most new credit and EC cards feature chips with the further developed near field communication (NFC) technology, which is based on RFID chips and only works over distances of a few centimeters. But sufficiently strong readers with the right equipment make it possible to access data over a distance of up to a meter, as experts have confirmed. In the case of systems that are poorly or not at all encrypted, cheap readers available online and smartphones with the corresponding app can read data without your knowledge. But professionally encrypted chips can also be infiltrated with specialist knowledge and the appropriate reader.

Which cards are at risk?

Any card that has an RFID chip can be read without your knowledge, including credit and EC cards, employee access cards, season tickets, key cards for hotels and rental cars, rewards cards, and biometric IDs.

What data can be accessed?

In the case of credit cards, it’s primarily the credit card number, expiration date and the cardholder’s name. But a duplicate can also be made with the data on the chip and then used to pay for things. Key cards (for instance for access to a company building) are also very easy to copy. According to critics, the data contained in biometric passports can be accessed with the right specialist knowledge – and even used to make counterfeit passports.

How can I protect myself?

It doesn’t take much: a thin layer of metal is usually all it takes to protect a chip from readers. Our RFID Protection Sleeves feature a thin layer of light metal that blocks the magnetic fields of RFID readers. The sleeves offer reliable protection from the common frequencies used in most RFID systems.

Methods of RFID Attack

The German Fraunhofer SIT has compiled a list of the tricks most commonly used by RFID hackers:

Tracking
Movement profiles can be created by linking RFID chips to individuals. This method is used when personal data is available, as it is, for instance, in ID cards and customer cards.

Cloning and emulation
In this method, duplicates are made with data content.

Man-in-the-middle attacks
Here, the attacker infiltrates the communication between the RFID reader and chip, capturing the data and manipulating it before sending it on to the recipient.

Sniffing
Sniffing is when the data communication transmitted between the RFID chip and reader is monitored or the chip is read using the thief’s own reader.

Denial of service
Unlike in the previous methods, the attacker doesn’t pursue the goal of accessing data but instead attempts to destroy RFID systems or make them unusable.